Securing Remote Computers Accessing Office Computers Via Remote Web Workplace

I have a client with a Windows SBS 2008 server that is providing access to the office computers, for those who have a computer in the office, and to the Windows 2008 Terminal Server, for those who do not have a computer in the office.

Some people have company laptops that they take home, some people work on compnay desktops at remote offices and some people work from home using their personal computers.

I am worried about the people working from home using their personal computers. My concern is that they can have or they could get a key logger malware app on their home computers that reports back the Remote Web Workplace URL, their usernames and their passwords. The Remote Web Workplace URL and the user’s login info would give the malware writer/operator access to the company’s data, not unlike how bank accounts and online gaming accounts often get cracked.

I am looking for a solution to secure access to the office network via Remote Web Workplace in such a way that I do not have to install any software on the home user’s personal computers.
wmtraderAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Tony JohncockLead Technical ArchitectCommented:
The simplest solution here I think would be two-factor authentication.

This gives your users a token of some kind and is based around something that they know (their password and maybe a PIN they append to their token code) and something they have - i.e. a physical token of some kind.

There are physical solutions, such as the SafeWord products (I've had a preference for these over the years, as they tend to be cheaper than say RSA, don't die like some [some have a 'death date' after whichthey stop functioning] and can be more easily integrated into the infrastructure for just some users).

Other alternatives include SMS based options whereby a one time use code is sent to a users registered mobile phone.

Either kind of mechanism will negate keyloggers' because the end point log won't include anything useful about the 2nd one-time-use factor.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Cliff GaliherCommented:
I agree that two-factor authentication would mitigate your concern. However, many two-factor mechanisms don't work well with RWW because of how that feature is designed, I recommend RWWGuard from Scorpionsoft.  Written by a Microsoft Security MVP, designed for RWW/RWA, and a large SBS support base, it has a lot of traction in the marketplace.

-Cliff
wmtraderAuthor Commented:
I went with the two-factor authentication and I found 2 solutions that work with Win SBS 2011 RWW that I'll be testing, SafeWord from SafeNet Inc and AuthAnvil from Scorpion Software.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
SBS

From novice to tech pro — start learning today.